CVE-2025-8088 — WinRAR path traversal: still fuelling Ukraine intrusions a year after the fix `[SINGLE-SOURCE]`
From CTI Weekly Summary — 2026-W24 (Jun 08 – Jun 14, 2026) · published 2026-06-14
A reminder that "patched" is not "remediated" where users don't update. Trend Micro documented two Russia-aligned campaigns still exploiting CVE-2025-8088 (a path traversal via NTFS Alternate Data Streams in WinRAR, patched in July 2025) nearly a year on: GIFTEDCROOK delivery via UAC-0226 and an Earth Dahu chain (Trend Micro; daily 06-10). The operational takeaway for any estate with desktop WinRAR: inventory and force-update, because the assumption that a long-available fix has already been applied is exactly what these operators rely on.
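
One way to run the inventory step on a Windows host, as an added PowerShell example that is not part of the original brief or of Trend Micro's reporting. The search roots and the `-MinimumFixedVersion` parameter are assumptions: the brief does not state the fixed version, so it has no default and must be supplied from the vendor advisory.

```powershell
# Added example: list every WinRAR.exe copy on this host (installed or portable)
# and flag those older than an operator-supplied fixed version.
param(
    # Assumption: first fixed version for CVE-2025-8088, taken from the vendor
    # advisory. The brief does not state it, so there is deliberately no default.
    [Parameter(Mandatory)] [version] $MinimumFixedVersion,

    # Assumption: roots likely to hold installed and per-user portable copies.
    [string[]] $SearchRoot = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        "$env:SystemDrive\Users"
    )
)

function Get-WinRarCopy {
    param([string[]] $Root)
    # Skip roots that are empty or absent (e.g. no x86 folder on 32-bit hosts).
    $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter 'WinRAR.exe' -File -Recurse -Force `
            -ErrorAction SilentlyContinue
    }
}

function ConvertTo-ComparableVersion {
    param([System.Diagnostics.FileVersionInfo] $Info)
    # Use the numeric parts of the version resource, not the display string.
    # Assumption: the numeric file version tracks the release number.
    [version]::new($Info.FileMajorPart, $Info.FileMinorPart,
                   $Info.FileBuildPart, $Info.FilePrivatePart)
}

Get-WinRarCopy -Root $SearchRoot | ForEach-Object {
    $found = ConvertTo-ComparableVersion $_.VersionInfo
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $_.FullName
        FileVersion = $found
        # A copy with no version resource reads as 0.0.0.0 and is flagged
        # so that it gets a manual look rather than a silent pass.
        NeedsUpdate = $found -lt $MinimumFixedVersion
    }
} | Sort-Object NeedsUpdate -Descending
```

Rows with `NeedsUpdate` set to `True` under a user profile are typically portable copies that a central software update will not replace.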